Flash plugin records visited web sites

Update: there is an extension for Firefox that does this:
<http://www.yardley.ca/objection/>

"What is 'objection'?

objection is an extension for Firefox that adds deletion of Local Shared Objects
to the Option > Privacy panel."

It would be nice for this feature to be integrated into firefox.

that page made it clear that this is handled entirely in the plugin. thus, it is
completely out of the scope of the networking library. -> ffox frontend

(Hm... comment 0 says you are using mozilla, not firefox?)

 Christian Biesinger (:bi) wrote:

> (Hm... comment 0 says you are using mozilla, not firefox?)

I'm from the Flashblock team so I use both for testing. I opened this bug
because someone in the flashblock mailing list asked us to block flash cookies
as well. I thought that this was more appropriate as part of firefox/seamonkey
instead of an extension - then several minutes later I find the "objection"
extension while looking for something else.

Grrr. The author of objection totally replaces PrivacyPanel.clearAll() instead
of handing off to the original after processing the LSOs.

*** Bug 298825 has been marked as a duplicate of this bug. ***

I don't see a dupe of this bug, marking as new.

*** Bug 383320 has been marked as a duplicate of this bug. ***

*** Bug 399724 has been marked as a duplicate of this bug. ***

*** Bug 400934 has been marked as a duplicate of this bug. ***

*** Bug 414478 has been marked as a duplicate of this bug. ***

There is no patch. And even if there were, it would have i18n impact. I think it's too late in this cycle to block.

Updated link to the Objection extension (Delete Flash Local Shared Objects):
http://objection.mozdev.org/

Not blocking, far too late for changes of this type.

Surely there are other plugins that store private data. Shouldn't we simply have a "Plug-in data" checkbox in the Clear Private Data... window? Why clear just cookies and leave other private data on disk?

Is there a universal "clear plugin private data" API or does each plugin do things differently? If the latter I don't see how it would be practical to build in awareness of any and all plugin data handling not just for currently existing plugins but for any hypothetical future plugins from some obscure developer in Upper Moldavia.

There doesn't have to be a consistent API for Firefox to do its best for the common ones, Flash, Java, QuickTime, WMP, Acrobat and a few others.

(In reply to comment 15)
> There doesn't have to be a consistent API for Firefox to do its best for the
> common ones, Flash, Java, QuickTime, WMP, Acrobat and a few others.

In that case I suggest that having a "Plug-in data" checkbox in the Clear Private Data dialog would give a wrong impression, not to mention a false sense of security to the average mom'n'pop user who doesn't realise that this only clears data from popular plugins. Unless of course you change it to a "Some Plug-in data" checkbox.

Philip, no more misleading than our current "clear cookies" or "clear offline website data" (and probably others) neither of which are cleared in certain plugin cases. You're making perfect the enemy of good here. We can probably never get everything and we can't be 100% accurate in our labeling without making the dialog unusable.

> You're making perfect the enemy of good here.

Asa, normally I'd agree with you (i.e get something working first, worry about perfection later), but one of our "selling points" is that Firefox does security better than that other browser so I want to be more cautious when it comes to this type of issue. But I'll defer to the security and UI people who know more about these sort of things.

*** Bug 471331 has been marked as a duplicate of this bug. ***

Hi just wanted to let y'all know, the objection plugin is not compatible with 3.5. Thus the workaround no longer works.

https://addons.mozilla.org/en-US/firefox/addon/6623

BetterPrivacy 1.29
Works with Firefox: 2.0 – 3.6a1pre

Hi,

we (Adobe) are planning on supporting private browsing in Firefox and other browsers in a forthcoming Flash Player release.

additionally, we would welcome an NPAPI addition that would be called when a user wants to clear their private data. this is in our future plans also, but would likely happen a lot faster if this was implemented by Mozilla, rather than us having to write the patch for it ourselves.

also PLEASE do not try to clear LSO's in the browser code - imo this is something that should be handled by plugins themselves via an NPAPI addition.

Ian

Does Adobe have somewhere where interested people can contribute to discussion on the implementation? There are some, in my opinion, very complex issues that Adobe will have to overcome.

I have been looking at implementing Private Browsing mode support into Objection and the only solutions I came up with could create big problems for the user.

Linux users or extension developers may wish to know that the popular swfdec plugin stores site information in the file ~/.config/swfdec-mozilla (or similar).

Private browsing in Flash Player 10.1
http://www.adobe.com/devnet/flashplayer/articles/privacy_mode_fp10.1.html

Adobe Flash Now Supports InPrivate Browsing
http://blogs.msdn.com/ie/archive/2010/02/11/adobe-flash-now-supports-inprivate-browsing.aspx

Ian -

With Private Browsing, it looks like Adobe has decided to ask the browser if it is in Private Browsing and choose its mode based on that, correct?

Also, I don't see anything in https://bugs.adobe.com for allowing the browser to tell Flash what to clear.

All -

If this bug was specifically for Firefox Private Browsing, then I'd say it is resolved and a separate bug is needed for regular browsing.